Commit ef5f0d54 authored by Mindiell's avatar Mindiell

Merge branch 'new-hash' into 'preprod'

Use HMAC-SHA256 instead of SHA1

Closes #29

See merge request !5
parents 5a645e27 4f987deb
Pipeline #2136 passed with stages
in 11 seconds
......@@ -81,9 +81,11 @@ class Bank extends Controller
$sig .= $value . "+";
}
$sig .= CERTIFICATE;
$cb_log->write("sig: " . $signature . " == " . sha1($sig));
if (sha1($sig)!=$signature) {
$error = "Error in signature: " . $signature . " != " . sha1($sig);
### Attempt to do it in hmac-sha256
$sig_hash = base64_encode(hash_hmac('sha256', $sig, CERTIFICATE, true));
$cb_log->write("sig: " . $signature . " == " . $sig_hash);
if ($sig_hash!=$signature) {
$error = "Error in signature: " . $signature . " != " . $sig_hash;
}
// Résultats des vérifications globales
if ($error!="") {
......
......@@ -196,7 +196,7 @@ class Campaign extends Controller
$signature .= $value."+";
}
$signature .= CERTIFICATE;
$signature = sha1($signature);
$signature = base64_encode(hash_hmac('sha256', $signature, CERTIFICATE, true));
$params["signature"] = $signature;
$f3->set('target', $target);
......
......@@ -538,7 +538,8 @@ class Perso extends Controller
$signature .= $value."+";
}
$signature .= CERTIFICATE;
$signature = sha1($signature);
$signature = base64_encode(hash_hmac('sha256', $signature, CERTIFICATE, true));
#$signature = sha1($signature);
$parameters["wsSignature"] = $signature;
$client = new \SoapClient("https://paiement.systempay.fr/vads-ws/ident-v2.1?wsdl");
$result = $client->customerCancel($parameters);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment